Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6547 | 1 Plays.tv | 1 Plays.tv | 2018-05-21 | 9.4 HIGH | 9.1 CRITICAL |
| plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extract_files parameter is used. This occurs without properly authenticating the user. | |||||
| CVE-2018-6546 | 1 Plays.tv | 1 Plays.tv | 2018-05-21 | 10.0 HIGH | 9.8 CRITICAL |
| plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in an HTTP message. This occurs without properly authenticating the user. | |||||
| CVE-2018-9248 | 1 Fiberhome | 2 Vdsl2 Modem Hg 150-ub, Vdsl2 Modem Hg 150-ub Firmware | 2018-05-21 | 7.5 HIGH | 9.8 CRITICAL |
| FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header. | |||||
| CVE-2018-9249 | 1 Fiberhome | 2 Vdsl2 Modem Hg 150-ub, Vdsl2 Modem Hg 150-ub Firmware | 2018-05-21 | 7.5 HIGH | 9.8 CRITICAL |
| FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request. | |||||
| CVE-2017-12149 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2018-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data. | |||||
| CVE-2017-0356 | 2 Debian, Ikiwiki | 2 Debian Linux, Ikiwiki | 2018-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. | |||||
| CVE-2017-0357 | 2 Debian, Iucode-tool Project | 2 Debian Linux, Iucode-tool | 2018-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption. | |||||
| CVE-2015-0150 | 1 D-link | 2 Dir-815, Dir-815 Firmware | 2018-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2018-1145 | 1 Belkin | 2 N750, N750 Firmware | 2018-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. | |||||
| CVE-2018-10106 | 1 D-link | 2 Dir-815, Dir-815 Firmware | 2018-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request. | |||||
| CVE-2014-8888 | 1 D-link | 2 Dir-815, Dir-815 Firmware | 2018-05-18 | 10.0 HIGH | 9.8 CRITICAL |
| The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue." | |||||
| CVE-2015-0152 | 1 D-link | 2 Dir-815, Dir-815 Firmware | 2018-05-18 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the administrative password. | |||||
| CVE-2014-3114 | 1 Ezpz-one-click-backup Project | 1 Ezpz-one-click-backup | 2018-05-18 | 7.5 HIGH | 9.8 CRITICAL |
| The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and earlier for WordPress allows remote attackers to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php. | |||||
| CVE-2015-5073 | 2 Ibm, Pcre | 2 Powerkvm, Pcre | 2018-05-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis. | |||||
| CVE-2018-6959 | 1 Vmware | 1 Vrealize Automation | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerability in the handling of session IDs. Exploitation of this issue may lead to the hijacking of a valid vRA user's session. | |||||
| CVE-2018-8954 | 1 Ca | 1 Workload Control Center | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. | |||||
| CVE-2017-14611 | 1 Getcockpit | 1 Cockpit | 2018-05-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component. | |||||
| CVE-2018-10225 | 1 Thinkphp | 1 Thinkphp | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| thinkphp 3.1.3 has SQL Injection via the index.php s parameter. | |||||
| CVE-2017-14323 | 1 Onethink | 1 Onethink | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter. | |||||
| CVE-2017-0372 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. | |||||
| CVE-2017-13011 | 1 Tcpdump | 1 Tcpdump | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). | |||||
| CVE-2017-11543 | 1 Tcpdump | 1 Tcpdump | 2018-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. | |||||
| CVE-2017-11011 | 1 Qualcomm | 22 Mdm9206, Mdm9206 Firmware, Mdm9607 and 19 more | 2018-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 835, a Use After Free condition can occur in a communication API. | |||||
| CVE-2017-18133 | 1 Qualcomm | 14 Mdm9206, Mdm9206 Firmware, Mdm9607 and 11 more | 2018-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, an out of bound access for ebi channel array can potentially occur. | |||||
| CVE-2018-1282 | 1 Apache | 1 Hive | 2018-05-15 | 7.5 HIGH | 9.1 CRITICAL |
| This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation. | |||||
| CVE-2018-9127 | 1 Botan Project | 1 Botan | 2018-05-15 | 7.5 HIGH | 9.8 CRITICAL |
| Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a 'b' character. | |||||
| CVE-2018-3589 | 1 Qualcomm | 10 Mdm9650, Mdm9650 Firmware, Mdm9655 and 7 more | 2018-05-15 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, the vswr capture size is larger than the maximum size of a diag logPacket, which can lead to a buffer overflow when the sample buffer is copied to the logPacket buffer. | |||||
| CVE-2018-3593 | 1 Qualcomm | 50 Mdm9206, Mdm9206 Firmware, Mdm9607 and 47 more | 2018-05-15 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, repeated enable/disable eMBMS requests may result in a double free condition. | |||||
| CVE-2018-3590 | 1 Qualcomm | 28 Msm8909w, Msm8909w Firmware, Sd 205 and 25 more | 2018-05-15 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, a Use After Free condition can occur in RIL while handling requests from Android. | |||||
| CVE-2018-9230 | 1 Openresty | 1 Openresty | 2018-05-15 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products. NOTE: the vendor has reported that 100 parameters is an intentional default setting, but is adjustable within the API. The vendor's position is that a security-relevant misuse of the API by a WAF product is a vulnerability in the WAF product, not a vulnerability in OpenResty. | |||||
| CVE-2018-9162 | 1 Contec-touch | 2 Smart Home, Smart Home Firmware | 2018-05-15 | 7.5 HIGH | 9.8 CRITICAL |
| Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors. | |||||
| CVE-2018-0545 | 1 Lxr Project | 1 Lxr | 2018-05-15 | 10.0 HIGH | 9.8 CRITICAL |
| LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2018-9848 | 1 Gxlcms | 1 Gxlcms Qy | 2018-05-14 | 7.5 HIGH | 9.8 CRITICAL |
| In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an Admin-Upload-Upload request. | |||||
| CVE-2018-9847 | 1 Gxlcms | 1 Gxlcms Qy | 2018-05-14 | 7.5 HIGH | 9.8 CRITICAL |
| In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. | |||||
| CVE-2017-18074 | 1 Qualcomm | 46 Mdm9607, Mdm9607 Firmware, Mdm9625 and 43 more | 2018-05-14 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, SD 835, while playing a .wma file with modified media header with non-standard bytes per second parameter value, a reachable assert occurs. | |||||
| CVE-2017-18144 | 1 Qualcomm | 28 Msm8909w, Msm8909w Firmware, Sd 205 and 25 more | 2018-05-14 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while processing the retransmission of WPA supplicant command send failures, there is a make after break of the connection to WPA supplicant where the local pointer is not properly updated. If the WPA supplicant command transmission fails, a Use After Free condition will occur. | |||||
| CVE-2017-18146 | 1 Qualcomm | 56 Mdm9206, Mdm9206 Firmware, Mdm9607 and 53 more | 2018-05-14 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, in some corner cases, ECDSA signature verification can fail. | |||||
| CVE-2017-18127 | 1 Qualcomm | 24 Msm8909w, Msm8909w Firmware, Sd 205 and 21 more | 2018-05-14 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 835, SD 845, while processing a SetParam command packet in the VR service, the extracted name_len and value_len values are not checked and could potentially cause a buffer overflow in subsequent calls to memcpy(). | |||||
| CVE-2017-18139 | 1 Qualcomm | 60 Mdm9206, Mdm9206 Firmware, Mdm9607 and 57 more | 2018-05-11 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, a buffer overflow vulnerability may potentially exist while making an IMS call. | |||||
| CVE-2017-18145 | 1 Qualcomm | 28 Msm8909w, Msm8909w Firmware, Sd 205 and 25 more | 2018-05-11 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while the DPM native process is processing framework events, the iterator pointer is deleted after processing an event. When processing subsequent events, a Use After Condition will occur. | |||||
| CVE-2017-18140 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9607 and 45 more | 2018-05-11 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, when processing a call disconnection, there is an attempt to print the RIL token-id to the debug log. If eMBMS service is enabled while processing the call disconnect, a Use After Free condition may potentially occur. | |||||
| CVE-2017-8275 | 1 Qualcomm | 28 Sd 205, Sd 205 Firmware, Sd 210 and 25 more | 2018-05-11 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, SD 835, an integer overflow vulnerability exists in a video library. | |||||
| CVE-2017-18136 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more | 2018-05-11 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, in the omx aac component, a Use After Free condition may potentially occur. | |||||
| CVE-2017-18138 | 1 Qualcomm | 56 Mdm9206, Mdm9206 Firmware, Mdm9607 and 53 more | 2018-05-11 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, in GERAN, a buffer overflow may potentially occur. | |||||
| CVE-2018-9161 | 1 Prismaindustriale | 1 Checkweigher Prismaweb | 2018-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js. | |||||
| CVE-2014-9989 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9607 and 45 more | 2018-05-11 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, if an incorrect endpoint number or direction is passed, an out of bounds array access may occur in the USB management module. | |||||
| CVE-2015-9136 | 1 Qualcomm | 38 Mdm9206, Mdm9206 Firmware, Mdm9607 and 35 more | 2018-05-11 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20, in pre-auth request, Host driver uses FT IEs sent by the supplicant. A buffer overflow may occur if FT IEs sent by the supplicant are larger than the expected value. | |||||
| CVE-2014-6120 | 1 Ibm | 2 Rational Appscan Source, Security Appscan Source | 2018-05-11 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721. | |||||
| CVE-2018-9326 | 1 Etherpad | 1 Etherpad | 2018-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code. | |||||
| CVE-2017-18142 | 1 Qualcomm | 10 Mdm9650, Mdm9650 Firmware, Mdm9655 and 7 more | 2018-05-11 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9650, MDM9655, SD 835, SD 845, SD 850, while processing the IMS SIP username, a buffer overflow can occur. | |||||